 

Rails 3 protect_from_forgery problems

I have two applications that need to talk to each other over HTTP. One is a PHP app and the other is my main app, the Rails app. I need the PHP app to talk to the Rails app by POSTing data to it, but when I do, I receive the Invalid Authenticity Token error. Is there any way around this? Or how would I just create my own token to pass along with the POST so that my Rails app authenticates it?

dennismonsewicz asked Sep 10 '10 14:09



People also ask

How does protect_from_forgery work?

protect_from_forgery turns on request forgery protection for a controller: it installs a before filter (verify_authenticity_token) that checks the CSRF token on every request whose method is not GET or HEAD. If the application does not pass a strategy via the with: option, the default is :null_session, which serves the unverified request with an empty session rather than raising an error.

What is protect_from_forgery with: :exception?

    class ApplicationController < ActionController::Base
      protect_from_forgery with: :exception
    end

The with: parameter sets the forgery_protection_strategy; it tells Rails what to do when a request fails the CSRF check. :exception raises ActionController::InvalidAuthenticityToken, :null_session (the default) handles the request with an empty session, and :reset_session clears the session.

What is verify_authenticity_token in Rails?

verify_authenticity_token() is a private method: the actual before_action used to verify the CSRF token. Don't override it directly; provide your own forgery protection strategy instead. If you override it, you'll disable same-origin <script> verification.

How does the CSRF token work in Rails?

The server generates the token and stores it in the user's session (not in the database), then injects it into every generated form as a hidden field named authenticity_token (and into the page's csrf meta tags for XHR requests). When the client submits the form, the token comes back with the request and is compared against the copy in the session; a mismatch or a missing token triggers the configured strategy.


1 Answer

From the documentation for ActionController::RequestForgeryProtection::ClassMethods

You can skip the authentication token requirement either by specifying an :except or by forcing the before filter to be skipped. Example from the documentation:

class FooController < ApplicationController
    protect_from_forgery :except => :index

    # you can disable csrf protection on controller-by-controller basis:
    skip_before_filter :verify_authenticity_token
end
Rob Di Marco answered Oct 11 '22 12:10

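Skipping verify_authenticity_token removes the CSRF check, so the endpoint then needs some other proof that the POST really came from the PHP app rather than from a browser that an attacker has pointed at it. The following is an added example, not code from the original answer or from Rails: it signs the request body with a shared secret (HMAC-SHA256 over "timestamp.body") and verifies it on the Rails side with a constant-time comparison and a freshness window. The header names X-Timestamp and X-Signature, the PHP_APP_SHARED_SECRET environment variable, the receive action, the 300-second window and the sample secret are all assumptions chosen for illustration. The controller uses the Rails 3 skip_before_filter / before_filter syntax from the answer above and is only defined when Rails is loaded, so the signing module can be run and tested on its own.

```ruby
require 'openssl'

# Shared-secret request signing for server-to-server POSTs. Added example,
# not part of the original answer; header names, env var, action name and
# the freshness window are assumptions.
module SharedSecretAuth
  # Tolerated clock skew / replay window in seconds (assumption).
  MAX_AGE = 300

  # The PHP side computes the same value over the raw body it sends:
  #   hash_hmac('sha256', $timestamp . '.' . $body, $secret)
  def self.signature(secret, timestamp, body)
    OpenSSL::HMAC.hexdigest('SHA256', secret, "#{timestamp}.#{body}")
  end

  # True only when the signature matches and the timestamp is fresh.
  # Binding the timestamp into the MAC stops an old capture being replayed
  # indefinitely; the window bounds how long a capture stays useful.
  def self.valid?(secret, timestamp, body, given_signature, now: Time.now.to_i)
    return false unless timestamp.to_s =~ /\A\d+\z/
    return false if (now - timestamp.to_i).abs > MAX_AGE
    expected = signature(secret, timestamp, body)
    secure_compare(expected, given_signature.to_s)
  end

  # Constant-time comparison so an attacker cannot recover the expected
  # signature byte by byte from response timing.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Rails 3 wiring: skip CSRF only for the one action the PHP app calls and
# require a valid signature there instead. Defined only when Rails is present.
if defined?(ActionController::Base)
  class InboundController < ActionController::Base
    skip_before_filter :verify_authenticity_token, :only => :receive
    before_filter :require_signature, :only => :receive

    def receive
      # Handle params / request.raw_post here; the body has already been
      # authenticated by require_signature.
      head :ok
    end

    private

    def require_signature
      secret = ENV.fetch('PHP_APP_SHARED_SECRET') # assumption: secret from env
      ok = SharedSecretAuth.valid?(secret,
                                   request.headers['X-Timestamp'],
                                   request.raw_post,
                                   request.headers['X-Signature'])
      head :unauthorized unless ok
    end
  end
end
```

Keep the skip scoped with :only to the action the other server calls; a bare skip_before_filter on the whole controller, as in the documentation snippet, also strips CSRF protection from any browser-facing actions in that controller. The PHP app must sign exactly the bytes it sends (the raw body, not a re-encoded copy), and both hosts need reasonably synchronised clocks for the window check.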